|
Very nice. But this looks like it as part of the whole easyRSA
effort, not something I can easily feed into the openssl command to
create the cert. It would take a fair bit of digging to dig out
what I need for now. Definitely something I will look into soon, as providing a simple PKI for a small installation has long been on my list. But the effort name is limiting. What about ECDSA and EDDSA certs? :) On 03/10/2017 06:58 AM, Jochen Bern
wrote:
On 03/10/2017 01:10 AM, openssl-users-request@xxxxxxxxxxx digested:Thing is that this then prompts for a number of fields:[...]Is there some 'simple' way to provide these answers? Like with env variables?Yes, and as others have already pointed out, there's also the possibility of command line parameters given to OpenSSL. A publicly available set of scripts that makes heavy use of the env var method and might serve as an example would be easyRSA (here, version 3):# grep EASYRSA_REQ_ openssl-1.0.cnf commonName_default = $ENV::EASYRSA_REQ_CN countryName_default = $ENV::EASYRSA_REQ_COUNTRY stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE localityName_default = $ENV::EASYRSA_REQ_CITY 0.organizationName_default = $ENV::EASYRSA_REQ_ORG organizationalUnitName_default = $ENV::EASYRSA_REQ_OU commonName_default = $ENV::EASYRSA_REQ_CN emailAddress_default = $ENV::EASYRSA_REQ_EMAIL |
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
